
Re: SSL3 alert write:fatal:unknown CA

--On Thursday, June 26, 2003 4:30 PM -0500 Kent Soper <dksoper@us.ibm.com> wrote:

Pierre Burri wrote:

Hi Kent,
I looked in your excellent document OpenLDAP_TLS_howto, also because
Gibson-Mount mentioned it.

In Chapter 7 Using TLS you give the following example:

ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
'(objectclass=*)' -H ldaps://myserver.com -W -ZZ

I thought TLS was working on port 389 and only SSL was using ldaps://
If that's true the command would be:

ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
'(objectclass=*)' -h myserver.com -W -ZZ


Good catch Pierre!

The command needs to have "ldap://" instead of "ldaps://".  Using ldaps://
with "-ZZ" will not enable a connection to the server.

I still prefer "-H <uri>" over "-h <host>" because the latter is

The doc is new and probably has a few more errors so I'll wait before
updating the document.  Thanks for catching it and thanks for the great

Right, kind of ignore my reply.

But, you could have it be ldaps:// and get rid of the -ZZ.


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
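
Added example, not part of the original thread or of the HOWTO: a POSIX shell function that classifies the transport security of an ldapsearch argument list, flagging the ldaps:// plus -ZZ mix discussed above. The function name and the result labels are made up for this example; the host and DNs are the ones from the thread.

```shell
#!/bin/sh
# classify_ldap_tls ARG... prints one of:
#   ldaps                   TLS from the first byte (ldaps://, no StartTLS)
#   starttls-required       ldap:// (or -h) with -ZZ: StartTLS must succeed
#   starttls-opportunistic  ldap:// with -Z: per ldapsearch(1), the client
#                           carries on if StartTLS fails, so a simple bind
#                           (-x -W) can then go out unencrypted
#   conflict                StartTLS requested on top of ldaps://; the thread
#                           notes that with -ZZ no connection results
#   cleartext               no TLS requested at all
# The body runs in a subshell so its variables do not leak to the caller.
classify_ldap_tls() (
    scheme=ldap      # -h <host> and the default both mean plain LDAP
    starttls=none
    prev=
    for arg in "$@"; do
        case "$prev" in
            -H) case "$arg" in
                    ldaps://*) scheme=ldaps ;;
                    *)         scheme=ldap ;;
                esac
                prev=; continue ;;
            # Value of another option: never treat it as a flag,
            # even if it looks like one (e.g. a password of "-ZZ").
            -b|-D|-h|-p|-w|-y) prev=; continue ;;
        esac
        case "$arg" in
            -ZZ) starttls=required ;;
            -Z)  [ "$starttls" = required ] || starttls=opportunistic ;;
        esac
        prev=$arg
    done
    case "$scheme/$starttls" in
        ldaps/none)         echo ldaps ;;
        ldaps/*)            echo conflict ;;
        ldap/required)      echo starttls-required ;;
        ldap/opportunistic) echo starttls-opportunistic ;;
        *)                  echo cleartext ;;
    esac
)

# The HOWTO's original command line from the thread:
classify_ldap_tls -x -b 'dc=myserver,dc=com' \
    -D "cn=Manager,dc=myserver,dc=com" '(objectclass=*)' \
    -H ldaps://myserver.com -W -ZZ
```
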